Laravel
WebDev, 2016-03-15 23:52:18

Is Eloquent safe?

Hello everyone, I'm wondering how secure the Eloquent ORM in Laravel is. That is, is there a need to somehow filter the data before inserting? If yes, then why and how, and it would be great to see an example of an injection into "naked" Eloquent.
UPD: I have always been very interested in such thoughts in all sorts of lessons and articles: "It is clear that this will not save us completely from injections, but it will protect us from the majority." And no one ever gives an example of such a cunning injection. It seems that the authors themselves do not know.

1 answer(s)
Andrzej Wielski, 2016-03-16
@kirill-93

If you do this:
Of course, the protection will come to naught.
But if you use only ORM constructs and do not pass publicly received data into raw queries, Eloquent is completely safe.
And in my opinion, you don’t even need to think about using Laravel, ignoring all its charms.
If you don't use Laravel's MVC structure, don't use models with ORM, validation, Request, middleware, filters, providers - sit on bare PHP, why do you need Laravel?
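
The contrast drawn in this answer, as an added example that is not part of the original thread or Laravel's own code: plain PDO, which Eloquent runs its queries through, stands in for the framework so the script runs on its own. The `users` table, the `User` model named in the comments and the input value are constructed for illustration.

```php
<?php
// Added example: constructed table and input, not taken from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users (email, is_admin) VALUES
            ('alice@example.test', 0), ('root@example.test', 1)");

// Constructed request value, as it would arrive from $request->input('email').
$email = "nobody@example.test' OR '1'='1";

// Unsafe pattern, the equivalent of (hypothetical model):
//   User::whereRaw("email = '$email'")->get();
// The value becomes part of the SQL text, so its quote closes the string
// literal and the rest is parsed as SQL.
function findByEmailConcatenated(PDO $pdo, string $email): array
{
    $sql = "SELECT id, email FROM users WHERE email = '$email'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe pattern, the equivalent of:
//   User::where('email', $email)->get();
//   User::whereRaw('email = ?', [$email])->get();
// The SQL text is fixed; the value travels separately as a bound parameter
// and is only ever compared as data.
function findByEmailBound(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("concatenated: %d row(s)\n", count(findByEmailConcatenated($pdo, $email)));
printf("bound:        %d row(s)\n", count(findByEmailBound($pdo, $email)));
```

With the concatenated query the condition matches every row in the table; with the bound query the same input matches none, because no stored email equals that literal string.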
